Privacy Policy

This Privacy Notice for The Trader's Hindsight (“ we”, “us”, or “our”) describes how and why we might access, collect, store, use, and/or share (“process”) your personal information when you use our services (“Services”), including when you visit our website at https://tradershindsight.com or use The Trader's Hindsight as a trading journal and analytics platform.

Questions or concerns? Reading this Privacy Notice will help you understand your privacy rights and choices. We are responsible for making decisions about how your personal information is processed. If you do not agree with our policies and practices, please do not use our Services. If you still have any questions or concerns, please contact us at support@tradershindsight.com.

Summary of key points

• What personal information do we process? We process the data you provide when you sign up (email, optional display name), the trade data you enter into the Service, and standard request metadata (IP, browser type, timestamps).
• Do we process any sensitive personal information? No. We do not process sensitive personal information (race, religion, health, biometric data, etc.).
• Do we collect information from third parties? No.
• How do we process your information? To provide the Service, communicate with you about your account, prevent fraud and abuse, and comply with law. We do not process your data for advertising or AI model training.
• Who do we share your information with? Only the service providers we use to operate the platform (Supabase, Vercel, Anthropic, Sentry, Flutterwave, NOWPayments, Google, Apple, Tawk.to, MetaApi). We do not sell or share data with anyone else.
• How do we keep your information safe? Encryption at rest and in transit, Row-Level Security policies in the database, private object storage, time-limited signed URLs for screenshots. No system is ever 100% secure, but we follow industry-standard practices.
• What are your rights?Depending on your location you have rights of access, correction, deletion, portability, and more. See “What are your privacy rights?” below.

1. What information do we collect?

Personal information you disclose to us

We collect personal information that you voluntarily provide to us when you register on the Services, express an interest in obtaining information about us or our products and Services, when you participate in activities on the Services, or otherwise when you contact us. The personal information we collect may include:

• Names (display name, if you choose to set one)
• Email addresses (required for sign-in)
• Passwords (for the email + password sign-in method only)
• Contact or authentication data (OAuth tokens from Google/Apple, magic link tokens)

Sensitive Information. We do not process sensitive information.

Payment Data. We may collect data necessary to process your payment if you choose to make purchases. All payment data is handled and stored by Flutterwave (for card payments) and NOWPayments (for cryptocurrency payments). You may find their privacy notices here: Flutterwave Privacy Notice and NOWPayments Privacy Policy.

Social Media Login Data.We provide you with the option to register and sign in using your existing Google or Apple account. If you choose to register in this way, we will collect certain profile information about you from the social media provider (typically your name and email address), as described in the section “How do we handle your social logins?” below.

Trade data you enter.We store the trade and account data you enter into the Service: instrument, direction, entry/exit prices, P&L, risk amounts, screenshots, setup checklists, notes, lesson-learned text, and timestamps. This is your data; you own it. We will not use it for training AI models, for advertising, or for any purpose other than providing the Service to you.

Information automatically collected

We automatically collect certain information when you visit, use, or navigate the Services. This information does not reveal your specific identity but may include device and usage information, such as your IP address, browser and device characteristics, operating system, language preferences, referring URLs, country, information about how and when you use our Services, and other technical information. This information is primarily needed to maintain the security and operation of our Services and for our internal analytics and reporting purposes.

Like most web apps, our infrastructure (Supabase and Vercel) records standard request metadata: IP address, browser type, and timestamps. We use this for security, abuse prevention, and troubleshooting — not for advertising.

You can find out more about cookies in our Cookie Policy.

The information we collect includes:

• Log and Usage Data. Service-related, diagnostic, usage, and performance information our servers automatically collect when you access or use our Services. This includes your IP address, device information, browser type and settings, and information about your activity in the Services (such as date/time stamps, pages viewed, features used).

Google API

Our use of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements.

2. How do we process your information?

We process your personal information for the following purposes:

• To facilitate account creation and authentication and otherwise manage user accounts — so you can create and log in to your account, and we can keep your account in working order.
• To deliver and facilitate delivery of services to the user — to provide you with the requested service (log trades, view analytics, generate reports, run AI features when opted in).
• To respond to user inquiries and offer support — to respond to your inquiries and solve any potential issues.
• To send administrative information — security alerts, billing notifications, terms and policy changes, and other account-related communications.
• To request feedback — to contact you about your use of our Services and improve them.
• To protect our Services — to keep our Services safe and secure, including fraud monitoring and prevention.
• To identify usage trends — to better understand how the Services are being used so we can improve them, based on aggregated, anonymised patterns.
• To save or protect an individual's vital interest — when necessary to prevent harm.

3. What legal bases do we rely on to process your information?

If you are located in the EU or UK, this section applies to you.

The General Data Protection Regulation (GDPR) and UK GDPR require us to explain the valid legal bases we rely on in order to process your personal information. We may rely on the following legal bases:

• Consent. We process your information if you have given us permission to use your personal information for a specific purpose (e.g. opting in to AI features). You can withdraw your consent at any time.
• Performance of a Contract. We process your personal information to fulfil our contractual obligations to you, including providing the Services.
• Legitimate Interests. We process your information when reasonably necessary to achieve our legitimate business interests, including security/fraud prevention, service improvement, and analysing usage to retain users.
• Legal Obligations. We process your information where necessary for compliance with legal obligations.
• Vital Interests. We process your information where necessary to protect your vital interests or those of a third party.

If you are located in Canada, this section applies to you. We may process your information if you have given us express consent, or in situations where consent can be inferred. You can withdraw your consent at any time. In limited exceptional cases we may be legally permitted under applicable law to process your information without consent (for fraud detection, legal compliance, investigations, etc.).

4. When and with whom do we share your personal information?

We may share information in specific situations described in this section and/or with the following third parties.

Vendors, Consultants, and Other Third-Party Service Providers. We share your data with third-party vendors who perform services for us or on our behalf and require access to such information to do that work. We have contracts in place with them (including Data Processing Agreements where required) which are designed to safeguard your personal information. They cannot do anything with your personal information unless we have instructed them to. They will not share your personal information with any organisation apart from us and they commit to protect the data they hold on our behalf.

The third parties we share personal information with are:

• Supabase — authentication, database, and file storage. Supabase Privacy Policy.
• Vercel — website hosting. Vercel Privacy Policy.
• Anthropic — AI service provider (for the chatbot, AI insights, and per-trade AI review features). Anthropic operates under a no-train agreement, meaning your data is not used to train their models. Anthropic Privacy Policy.
• Sentry — error monitoring and performance tracking. Sentry Privacy Policy.
• Google — Sign in with Google for authentication. Google Privacy Policy.
• Apple — Sign in with Apple for authentication. Apple Privacy Policy.
• Flutterwave — payment processing for credit and debit cards. Flutterwave Privacy Notice.
• NOWPayments — cryptocurrency payment processing. NOWPayments Privacy Policy.
• Tawk.to — live chat support, loaded only when you start a chat with us. The messages you send and basic visitor data are processed by Tawk.to (US-based). Tawk.to Privacy Policy.
• MetaApi — MetaTrader (MT4/MT5) connectivity, used only if you connect a broker account for automatic trade sync. To link your account we pass MetaApi your MT login, server name, and your read-only investor password, which MetaApi stores in order to maintain a read-only connection and return your trade history. It cannot place trades or withdraw funds. If you never connect a broker, MetaApi receives nothing. MetaApi.

Business Transfers. We may share or transfer your information in connection with, or during negotiations of, any merger, sale of company assets, financing, or acquisition of all or a portion of our business to another company.

5. Do we use cookies and other tracking technologies?

We use a single first-party authentication cookie (managed by Supabase) to keep you signed in. We do not use analytics cookies, advertising cookies, tracking pixels, web beacons, or any third-party tracking. We do not serve targeted advertising, and we do not permit third parties to use tracking technologies on our Services.

Full details about our cookie use are set out in our Cookie Policy.

6. Do we offer artificial intelligence-based products?

As part of our Services, we offer products, features, or tools powered by artificial intelligence and machine learning (collectively, “AI Products”). These are designed to enhance your experience and provide you with insights about your own trading. The terms in this Privacy Notice govern your use of the AI Products within our Services.

Use of AI Technologies

We provide AI Products through third-party service providers (“AI Service Providers”), specifically Anthropic. When you use AI features, your input and the relevant trade data needed to generate output will be shared with and processed by Anthropic to enable the requested functionality.

Anthropic operates under a contractual agreement that prohibits the use of your data to train their models. You must not use the AI Products in any way that violates the terms or policies of any AI Service Provider.

Our AI Products

Our AI Products are designed for the following functions:

• AI bots (help chatbot)
• AI insights (pattern analysis across your trade history)
• Text analysis (per-trade AI review of your notes)
• Natural language processing

How we process your data using AI

All personal information processed using our AI Products is handled in line with this Privacy Notice and our agreement with Anthropic. AI features are opt-in — they are disabled by default and only activated when you enable them in your account settings.

How to opt out

To opt out of AI processing, you can:

• Log in to your account settings and disable AI features.
• Contact us at support@tradershindsight.com using the contact information provided.

7. How do we handle your social logins?

Our Services offer you the ability to register and log in using your Google or Apple account. Where you choose to do this, we will receive certain profile information about you from your social media provider. The profile information we receive typically includes your name and email address (and, for Apple Sign In, optionally a relay email if you choose to hide your real email).

We will use the information we receive only for the purposes described in this Privacy Notice or otherwise made clear to you on the Services. Please note that we do not control, and are not responsible for, other uses of your personal information by your third-party social media provider. We recommend that you review their privacy notice to understand how they collect, use, and share your personal information, and how you can set your privacy preferences on their platforms.

8. Is your information transferred internationally?

Our servers are split across multiple regions: our website hosting (Vercel) runs in the United States, while our database, file storage, and authentication (Supabase) run in Australia (Sydney). Regardless of your location, please be aware that your information may be transferred to, stored by, and processed by us in our facilities and in the facilities of the third parties with whom we share your personal information, including facilities in the United States, Australia, Estonia, Nigeria, and other countries.

If you are a resident in the European Economic Area (EEA), United Kingdom (UK), or Switzerland, then these countries may not necessarily have data protection laws or other similar laws as comprehensive as those in your country. However, we will take all necessary measures to protect your personal information in accordance with this Privacy Notice and applicable law.

European Commission's Standard Contractual Clauses

We have implemented measures to protect your personal information, including by using the European Commission's Standard Contractual Clauses for transfers of personal information between us and our third-party providers. These clauses require all recipients to protect all personal information that they process originating from the EEA or UK in accordance with European data protection laws and regulations. Our Standard Contractual Clauses can be provided upon request.

9. How long do we keep your information?

We will only keep your personal information for as long as it is necessary for the purposes set out in this Privacy Notice, unless a longer retention period is required or permitted by law (such as tax, accounting, or other legal requirements). No purpose in this notice will require us keeping your personal information for longer than the period of time in which users have an account with us.

When you delete your account, we will delete or anonymise your personal information within 30 days, except where a longer retention is legally required.

10. How do we keep your information safe?

We have implemented appropriate and reasonable technical and organisational security measures designed to protect the security of any personal information we process. Specifically:

• Your data is stored in Supabase (PostgreSQL), encrypted at rest and in transit.
• Access is protected by Row-Level Security policies — only you can read your own trades and screenshots.
• Screenshots are stored in private object storage and served via time-limited signed URLs that expire after a short window.
• Error monitoring (Sentry) and request logging help us detect and respond to incidents quickly.

However, despite our safeguards, no electronic transmission over the Internet or information storage technology can be guaranteed to be 100% secure, so we cannot promise or guarantee that hackers, cybercriminals, or other unauthorised third parties will not be able to defeat our security and improperly collect, access, steal, or modify your information. You should only access the Services within a secure environment.

11. Do we collect information from minors?

We do not knowingly collect data from or market to children under 18 years of age or the equivalent age as specified by law in your jurisdiction. By using the Services, you represent that you are at least 18 or the equivalent age as specified by law in your jurisdiction. If we learn that personal information from users less than 18 years of age has been collected, we will deactivate the account and take reasonable measures to promptly delete such data from our records. If you become aware of any data we may have collected from children under 18, please contact us at support@tradershindsight.com.

12. What are your privacy rights?

Depending on your state of residence in the US or in some regions, such as the European Economic Area (EEA), United Kingdom (UK), Switzerland, and Canada, you have rights that allow you greater access to and control over your personal information. You may review, change, or terminate your account at any time.

In some regions (like the EEA, UK, Switzerland, and Canada), you have certain rights under applicable data protection laws. These may include the right (i) to request access and obtain a copy of your personal information, (ii) to request rectification or erasure; (iii) to restrict the processing of your personal information; (iv) if applicable, to data portability; and (v) not to be subject to automated decision-making.

If you are located in the EEA or UK and you believe we are unlawfully processing your personal information, you also have the right to complain to your Member State data protection authority or UK data protection authority.

If you are located in Switzerland, you may contact the Federal Data Protection and Information Commissioner.

Withdrawing your consent

If we are relying on your consent to process your personal information, you have the right to withdraw your consent at any time. You can withdraw your consent at any time by contacting us or by updating your preferences in your account settings.

Account Information

If you would at any time like to review or change the information in your account or terminate your account, you can:

• Log in to your account settings and update your user account.
• Contact us at support@tradershindsight.com.

Upon your request to terminate your account, we will deactivate or delete your account and information from our active databases within 30 days. We may retain some information in our files to prevent fraud, troubleshoot problems, assist with any investigations, enforce our legal terms, and/or comply with applicable legal requirements.

13. Controls for do-not-track features

Most web browsers and some mobile operating systems and mobile applications include a Do-Not-Track (“DNT”) feature or setting you can activate to signal your privacy preference not to have data about your online browsing activities monitored and collected. At this stage, no uniform technology standard for recognising and implementing DNT signals has been finalised. As such, we do not currently respond to DNT browser signals or any other mechanism that automatically communicates your choice not to be tracked online — primarily because we don't engage in the kind of cross-site behavioural tracking that DNT is designed to block.

14. Do United States residents have specific privacy rights?

In Short: If you are a resident of California, Colorado, Connecticut, Delaware, Florida, Indiana, Iowa, Kentucky, Maryland, Minnesota, Montana, Nebraska, New Hampshire, New Jersey, Oregon, Rhode Island, Tennessee, Texas, Utah, or Virginia, you may have the right to request access to and receive details about the personal information we maintain about you and how we have processed it, correct inaccuracies, get a copy of, or delete your personal information. You may also have the right to withdraw your consent to our processing of your personal information.

Categories of personal information we collect

The table below shows the categories of personal information we have collected in the past twelve (12) months.

• A. Identifiers (name, email, IP address, account name) — Yes
• B. Personal information under California Customer Records statute (name, contact info) — Yes
• C. Protected classification characteristics (gender, age, race, etc.) — No
• D. Commercial information (transaction info, purchase history) — Yes
• E. Biometric information — No
• F. Internet or other similar network activity (browsing/usage data within our Service) — Yes
• G. Geolocation data — No
• H. Audio/electronic/sensory information — No
• I. Professional or employment-related information — No
• J. Education information — No
• K. Inferences drawn from collected personal information — No
• L. Sensitive personal information — No

We will use and retain the collected personal information as needed to provide the Services for as long as the user has an account with us (categories A, B, D, F).

Will your information be shared with anyone else?

We may disclose your personal information with our service providers pursuant to a written contract between us and each service provider. We may use your personal information for our own business purposes, such as for undertaking internal research for technological development and demonstration. This is not considered to be “selling” of your personal information.

We have not sold or shared any personal information to third parties for a business or commercial purpose in the preceding twelve (12) months. We have disclosed categories A, B, D, and F of personal information to our service providers for business or commercial purposes only (operating the Service).

Your rights

You have rights under certain US state data protection laws. These rights include:

• Right to know whether we are processing your personal data
• Right to access your personal data
• Right to correct inaccuracies in your personal data
• Right to request the deletion of your personal data
• Right to obtain a copy of the personal data you previously shared with us
• Right to non-discrimination for exercising your rights
• Right to opt out of the processing of your personal data if it is used for targeted advertising, the sale of personal data, or profiling (we don't do any of these — opt-out is automatic)

How to exercise your rights

To exercise these rights, you can contact us by visiting https://tradershindsight.com/contact, by emailing us at support@tradershindsight.com, or by referring to the contact details at the bottom of this document.

Request verification

Upon receiving your request, we will need to verify your identity to determine you are the same person about whom we have the information in our system. We will only use personal information provided in your request to verify your identity or authority to make the request.

Appeals

Under certain US state data protection laws, if we decline to take action regarding your request, you may appeal our decision by emailing us at support@tradershindsight.com.

California “Shine The Light” Law

California Civil Code Section 1798.83, also known as the “ Shine The Light” law, permits our users who are California residents to request and obtain from us, once a year and free of charge, information about categories of personal information (if any) we disclosed to third parties for direct marketing purposes. We do not disclose personal information to third parties for their direct marketing purposes.

15. Do other regions have specific privacy rights?

Australia and New Zealand

We collect and process your personal information under the obligations and conditions set by Australia's Privacy Act 1988 and New Zealand's Privacy Act 2020. At any time, you have the right to request access to or correction of your personal information by contacting us.

If you believe we are unlawfully processing your personal information, you have the right to submit a complaint about a breach of the Australian Privacy Principles to the Office of the Australian Information Commissioner, and a breach of New Zealand's Privacy Principles to the Office of New Zealand Privacy Commissioner.

Republic of South Africa

At any time, you have the right to request access to or correction of your personal information by contacting us. If you are unsatisfied with the manner in which we address any complaint, you can contact the office of the regulator (the Information Regulator of South Africa) at enquiries@inforegulator.org.za (general enquiries) or via the POPIA/PAIA Form 5 process.

Nigeria

We are based in Nigeria and process your personal information in accordance with the Nigeria Data Protection Act 2023 (NDPA) and the Nigeria Data Protection Regulation 2019 (NDPR). We process personal data on lawful bases that include your consent, the performance of our contract with you, our legitimate interests in operating and securing the Services, and compliance with legal obligations. We collect only the data described in this notice, store it with our processors, use it to provide and improve the Services, and retain it only as long as needed for those purposes.

As a data subject under Nigerian law you have the right to be informed about how your data is used, to access your data, to request correction or deletion, to object to or restrict processing, to data portability, and to withdraw consent at any time. To exercise any of these rights, email us at support@tradershindsight.com. If you believe we have processed your data unlawfully, you have the right to lodge a complaint with the Nigeria Data Protection Commission (NDPC).

16. Do we make updates to this notice?

We may update this Privacy Notice from time to time. The updated version will be indicated by an updated “Effective” date at the top of this Privacy Notice. If we make material changes to this Privacy Notice, we may notify you either by prominently posting a notice of such changes or by directly sending you a notification.

17. How can you contact us about this notice?

If you have questions or comments about this notice, you may email us at support@tradershindsight.com or contact us by post at:

The Trader's Hindsight
Agbor
Delta State
Nigeria
Phone: +234 811 869 8266

18. How can you review, update, or delete the data we collect from you?

You have the right to request access to the personal information we collect from you, details about how we have processed it, correct inaccuracies, or delete your personal information. You may also have the right to withdraw your consent to our processing of your personal information. These rights may be limited in some circumstances by applicable law. To request to review, update, or delete your personal information, please visit: https://tradershindsight.com/contact.